AppSec Jobs

DigiCert

Application Security Engineer

Onsite
Bengaluru, Karnataka, India
Posted 2 weeks ago

At a Glance

2+ years experience, AWS, Azure, GCP, Python, Java

About This Role

As an Application Security Engineer within our cybersecurity team, you will help safeguard the company's web applications and services by supporting the integration of security practices into the Software Development Life Cycle (SDLC). You will collaborate with development, DevOps, and security teams to identify, assess, and remediate vulnerabilities, contribute to secure coding practices, and assist in implementing DevSecOps tooling and processes. This role is ideal for someone with a strong technical foundation who is eager to grow within the product/application security space.

Responsibilities

  • Support the integration of security controls and best practices across various phases of the SDLC
  • Assist in security assessments, including static and dynamic code analysis, open-source dependency analysis, and limited penetration testing
  • Participate in manual and automated code reviews to identify potential vulnerabilities and coding flaws
  • Collaborate with software engineers to promote secure development practices, including the use of security testing tools in CI/CD pipelines
  • Contribute to the evaluation, deployment, and tuning of DevSecOps tools such as SAST, DAST, and SCA platforms
  • Help maintain secure deployment workflows and support security automation efforts
  • Participate in cross-functional security reviews of new features and systems with guidance from senior engineers
  • Stay up to date on current security threats, vulnerabilities, and best practices in application security
  • Assist with triaging vulnerabilities from internal scans, bug bounty submissions, or external assessments
  • Document processes and playbooks to support consistent and scalable security practices
  • Provide input to the development of internal security standards and reference architectures
  • Support remediation efforts in collaboration with engineering teams
  • Participate in promoting a security-first culture across the organization
  • Other duties and responsibilities as assigned

Requirements

Python, JavaScript, Java, DevSecOps, SAST, DAST, SCA, OWASP, CI/CD, NIST, OSCP, AWS, Azure, GCP
  • Bachelor's degree in computer science, cybersecurity, or a related technical field
  • 2+ years of experience in cybersecurity, software engineering, or DevOps, with at least 1+ years focused on application or product security
  • Experience with programming/scripting languages such as Python, JavaScript, or Java
  • Familiarity with DevSecOps tools (SAST, DAST, SCA) and secure SDLC methodologies
  • Solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE) and remediation strategies
  • Ability to analyze code and spot security issues with guidance
  • Strong communication and collaboration skills
  • Strong attention to detail and willingness to learn new technologies
  • Hands-on experience with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins) - nice to have
  • Familiarity with security standards and frameworks such as NIST, OWASP SAMM, ISO 27001, or PCI DSS - nice to have
  • Experience working in a regulated environment (e.g., financial services, healthcare, or government) - nice to have
  • Professional certifications such as Security+, CEH, eJPT, or equivalent (OSCP or similar preferred but not required) - nice to have
  • Exposure to cloud platforms such as AWS, Azure, or GCP - nice to have
  • Experience contributing to or managing a bug bounty triage process - nice to have

Benefits & Perks

Generous time off policies
Top shelf benefits
Education, wellness and lifestyle support

About DigiCert

DigiCert is a global leader in digital trust solutions, offering high-assurance TLS/SSL certificates, PKI (Public Key Infrastructure), IoT security, and code signing. Their DigiCert ONE platform provides centralized management for digital trust across various applications, including websites, devices, and enterprise access. Founded in 2003, DigiCert has grown significantly, securing over 40 billion web connections and 28 billion devices daily. The company employs over 1,600 people and serves customers in more than 180 countries. DigiCert is recognized for its innovations in the industry, including unlimited reissues and advanced security solutions for IoT devices. They maintain a strong presence in the market, holding over 80% of Fortune 500 trust and leading in standards development. With a commitment to ease of use and real-world problem-solving, DigiCert continues to enhance digital security for businesses worldwide.

Industry

computer & network security

Employees

1,700

534 engineers

Revenue

$558M


Security at DigiCert

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

DigiCert's AppSec philosophy emphasizes automation and business alignment, with Deputy CISO Bindi Davé stating, 'Automation, we should embrace it' and 'Apply that business context.' The company views 'Software trust is fundamental to realizing digital trust' and advocates for organizations to 'Perform deep threat detection scanning' to mitigate supply chain risks.

Security Team

  • DigiCert's security leadership includes Lakshmi Hanspal, Chief Trust Officer, and Carlos Morales, Senior Vice President and General Manager for the DDoS and application security business unit.
  • Hanspal reports directly to CEO Amit Sinha.
  • Recent job postings for Senior Application Security Engineers indicate the team is actively hiring and focuses on integrating security into the SDLC and managing bug bounty programs.

Key Initiatives

DigiCert's primary AppSec initiatives include aligning with the NIST SSDF, as their 'Software Trust Manager automates many of the framework's best practices.' Operationally, the team is tasked to 'Lead the integration of security measures into the SDLC' and 'Assist with managing bug bounty program.' There is no public evidence found regarding a formal 'Security Champions' program.
